id: CVE-2014-1842

info:
  name: Titan FTP Server Search Function < 10.40 - User Enumeration
  author: pussycat0x
  severity: medium
  description: |
    Titan FTP Server versions prior to 10.40 build 1829 contain a directory traversal vulnerability in the web interface search functionality. Remote attackers can list all existing users by submitting "/../" in the search bar, enabling user enumeration and reconnaissance.
  impact: |
    Unauthenticated attackers can exploit directory traversal in the web interface search functionality to enumerate all existing users, facilitating brute-force and targeted attacks against Titan FTP Server.
  remediation: |
    Update Titan FTP Server to version 10.40 build 1829 or later, which properly sanitizes search input and prevents directory traversal in the search bar.
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2014-1842
    cwe-id: CWE-22
    epss-score: 0.02448
    epss-percentile: 0.85583
    cpe: cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: southrivertech
    product: titan_ftp_server
    shodan-query: product:"Titan ftpd"
  tags: cve,cve2014,network,ftp,titan-ftp,tcp,passive,vuln

# Passive check: connect to the FTP control port, send four null bytes and
# read the greeting banner; the version is taken from the banner only and the
# search-function flaw itself is never exercised.
tcp:
  - inputs:
      - data: 00000000
        type: hex
    host:
      - "{{Hostname}}"
    port: 21
    read-size: 1024

    # Both conditions must hold: the banner identifies Titan, and the
    # extracted version is below the fixed release 10.40.
    matchers:
      - type: dsl
        dsl:
          - "contains(raw, 'Titan')"
          - "compare_versions(version, '< 10.40')"
        condition: and

    # Pull the version string out of the banner for the comparison above.
    extractors:
      - type: regex
        group: 1
        name: version
        regex:
          - "Titan FTP Server ([0-9.]+)"
# digest: 4a0a00473045022073ba47a1df44dada1503ca6f3d1a0df1878a339f0657f0c8f6979bd5fce4a773022100ec113a6528baf16544946ca6ba3119da4f91429878a7c0e02453d8ab2ab0e57c:922c64590222798bb761d5b6d8e72950